Mr. Sharma received a call from a person claiming to be an employee of his bank, asking him for his confidential banking details. Mr. Sharma obliged and later discovered unauthorized transactions in his account that left him poorer.

This is vishing, a form of phishing where a fraudster uses the phone instead of e-mail to lure people into revealing their confidential banking details.

If you get a call from a stranger asking you for your confidential banking details such as account number, debit/credit card details, PINs, passwords etc. report it to your bank with the following information:

The calling number, if you have a caller ID facility.

Any pertinent details of the conversation or recorded message.

The call – back number, if indicated during the call

When you add a payee through internet banking , your bank will give you a secret code(in the case of ICICI Bank, a Unique Reference Number – URN) that you will need to use to authorise transfer of money online from your account to the new payee's account. Do not reveal this code to any stranger, even if the person claims to be an employee of your bank. If you receive an SMS with such a code from your bank without your having added a new payee, report it to your bank immediately.

Remember, your bank will never call, e-mail, or text you asking for your account number or related information that is already present in its records.

Never give your PIN, URN or other bank account details on an unsolicited phone call.

What is Phishing?

'Phishing is an act of sending a fraudulent email, or creating a forged screen or pop up, in an attempt ot capture a customer's sensitive personal details like user id, password or PIN, date of birth, CVV number etc.

How is Phishing carried out?

Through emails

Unsuspecting customers are sent emails which look very similar to the authentic emails sent by banks.

In these emails, the customer is asked to click on a link which redirects him to a fake site resembling the authentic bank site

On this fake site, customers are asked to share their personal details.

Through pop ups

A pop up window appears on the screen while the customer is logged in to the bank website.

These pop ups request the customer to re-enter his or her personal online identity details. Since this pop up appears during the online banking session, it can be easily mistaken to be an authentic request bank.

Once the personal online information is submitted, the fraudster can then use it to make online transactions, posing to be the genuine customer.

Never reply to emails asking for your password or PIN

Beware of online fraudsters trying to capture your
personal details

Phishing is an attempt by fraudsters to “fish” for your personal and confidential information, like User ID, Password, etc through e-mails. This information is then used to take money out of your bank account through a funds transfer.

Do's and Don'ts

Always type the website address. Be wary of clicking on links; they could lead to false websites.

Do not transact or share confidential data on non-https websites.

Do not enter your confidential data in any window that may pop – up while you are carrying out a financial transaction online.

Do not open e-mails or attachments in e-mails sent from people you don't know.

Beware of phishing emails. Your bank or Reserve Bank of India will never ask for your personal details. Do not share them with anyone.

How to identify a phishing e-mail

The e-mail might appear to have come from your bank or a known website.

Some of the characters of the sender's URL might be missing or closely resemble those of the genuine URL. The URL of the fake site will not match the url of the legitimate site.

The e-mail may show urgency for action.

The padlock icon may be missing.

Any e-mail request for your personal and confidential details is almost certainly a phishing attempt

Do not respond to such phishing e-mails. Remember your bank will never ask for your confidential banking details.

Safeguard yourself against phishing!

Never respond to any e-mail that requires you to confirm, upgrade, renew or validate your account details or card details, even if it appears to have come from your bank.

Do not share your OTP, URN or 3D secure passcodes with anybody, even if the caller claims to be from your bank.

Always remember to log off once you have completed an online session. Avoid financial transactions from a cybercafe or shared computer.

Register for e-mail alerts or mobile alerts to get to know well in time about transactions or any changes in your account.

Upgrade your home computer to a legitimate (non-pirated) operating system with a firewall, latest version of browser and anti virus/anti-spyware software.

Money transfer agents, or 'money mules' as they are commonly known, are people who offer their bank accounts for use by fraudsters to transfer funds through the internet.

The fraudsters normally advertise seemingly legitimate jobs in newspapers or the internet, offering a commission for using an applicant's bank account. Little does the innocent respondent realise that such an activity could lead to criminal offences such as money-laundering or cheating through phishing and other scams.

The advertisements may call for people with accounts in certain banks, especially banks with online banking facilities.

How can you avoid becoming a money mule?

Be cautious about any unsolicited offers or opportunities offering you easy money or jobs with work-at-home and flexi time facilities.

Do not participate in bids for lending your bank account for use by strangers.

Even if you have nothing to do with the actual theft of funds from the bank account of another person, allowing your account to be used for such movement of funds is illegal. If caught, you may suffer severe penalties including imprisonment.

How to identify an E-mail scam

If your reaction to an e-mail offer is “This seems too good to be true”, the offer is almost certainly a scam.

Be cautious and suspicious of the following:

Sweepstakes and lotteries that you had not registered for , asking you to make payment in order to receive your prize

An e-mail from a free e-mail account with the name of a large corporate or an organization that has no website.

Offers for jobs that you had not applied for, asking you to make a payment for more information.

Fraudsters send attractive offers through letters, e-mails, calls, SMS messages asking you to deposit money to participate in schemes that “sound too good to be true”. Later, they withdraw the money and stop further communication.

Here is a list of the most common frauds:

Contests and lotteries that you had not registered for, asking you to make a payment for receiving your prize.

E-mails appearing to have been sent from large corporations, public institutions and regulatory bodies

Phone calls or SMSes offering jobs that you had not applied for, intimation of gifts or inheritances supposed to originate from a foreign country, asking you for personal information.

Never trust e-mails offering overseas employment opportunities that sound too good to be true.

Ignore e-mails that ask you to deposit money in advance as a condition to your receiving some prize money

Fraudsters often operate under names that look very similar to the official names of long-standing and reputed companies. Be vigilant.

Never deposit cash or cheques in any unknown bank account.

Do not make a hasty decision to reply to any e-mail that makes big promise.

Caution! Never share your bank account details with strangers---they could be fraudsters aiming to use your account for illicit activities for which you will be held liable.

Never part with your money for gifts, prizes, lottery winning or jobs offered by e-mails from strangers.

How to create a hard – to – crack password

Your internet banking password is the key that opens the door to your account. Therefore, you need to create and choose your passwords carefully and change them often.

Here are a few tips for creating good passwords:

Avoid your name, pet name, the names of your kids, your birthday, your employee number, car number etc. Complicate them with capitals and small letters; use numbers and characters.

Adapt an important date, the first line of your favorite song or the name of a movie. “One flew over the cuckoo's nest”, for example, can get you “ofotcnest”. Here, the initial letters of the words are taken, except the last word , which is retained in full.

Do not create a password so complicated to remember that you need to write it down somewhere.
At the same time, never yield to the temptation of leaving your passwords below the mouse pad, keyboard, in your diary or on a post-it slip stuck to your monitor!

Soon after you receive your password, log in to your account and change the password and destroy the twin layered security paper that brought you the password.

Avoid typing a password in front of someone. Passwords like “kumar123456” are so easy for peepers to see and remember.

Caution! Never share your bank account details with strangers---they could be fraudsters aiming to use your account for illicit activities for which you will be held liable.

Do not disclose your password to anyone. Keep it to yourself

Disclaimer :

The information on this webpage is not tax, legal or investment advice, and no member of ICICI Bank Group has given you any advice.
Nothing in this document is intended to constitute legal, tax, securities, or investment advice, or an opinion regarding the appropriateness of any investment, or a solicitation of any type.